What Is Claimed Is:

1. A method for caching and accessing rights in a distributed
computing system, the method comprising the steps of:

accessing, by an agent, a directory service, wherein the agent is
located on a deputization point coupled to the directory service, and wherein
the directory service comprises the rights of a principal to a resource;

updating, by the agent, the rights to an access control list cache,
wherein the access control list cache is coupled to the deputization point and to
the principal;

receiving, at the access control list cache, a request from the
principal for the rights;

retrieving, by the access control list cache, the rights; and

forwarding, to the principal, the rights.

2. The method of claim 1, wherein the access control list cache is
comprised of a first table comprising the principal that has access to the
resource.

3. The method of claim 1, wherein the access control list cache is
comprised of a second table comprising the rights of the principal to the
resource.

4. The method of claim 1, wherein the access control list cache is
comprised of a third table comprising a cached access to the resource object.






Docket Number: IDR-338 (26530.4) 

5. The method of claim 2 further comprising the step of invoking, by 
the directory service, a resource manager, if the first table does not contain the 
principal that has access to the resource, wherein the resource manager is 
coupled to the directory service and comprises access information and rights of 
the principal to the resource. 

6. The method of claim 5 further comprising the step of mapping, by 
the resource manager, an access control of the rights in the resource manager 
to an access control of the rights in the directory service. 

7. The method of claim 6 further comprising the step of updating, 
by the resource manager, the mapped access control of the rights to the access 
control list cache. 

8. The method of claim 1, further comprising at least one of the 
following steps from the group consisting of: 

remotely accessing, by the deputization point, the directory
service;

remotely accessing, by the directory service, the deputization
point;

remotely accessing, by the deputization point, the access control
list cache;

remotely accessing, by the access control list cache, the
deputization point;

remotely accessing, by the access control list cache, the principal;
and

remotely accessing, by the principal, the access control list cache.






9. The method of claim 5, further comprising at least one of the 
following steps from the group consisting of: 

remotely accessing, by the resource manager, the directory
service; and

remotely accessing, by the directory service, the resource
manager.

10. The method of claim 1, further comprising at least one of the 
following steps from the group consisting of: 

asynchronously updating, by the agent to the access control list 
cache, the rights, when the rights are added to the directory service; 

asynchronously updating, by the agent to the access control list 
cache, the rights, when the rights are removed from the directory service; 

asynchronously updating, by the agent to the access control list 
cache, the rights, when the request from the principal is received; 

synchronously updating, by the agent to the access control list 
cache, the rights, when the rights are added to the directory service; 

synchronously updating, by the agent to the access control list 
cache, the rights, when the rights are removed from the directory service; 

synchronously updating, by the agent to the access control list 
cache, the rights, when the request from the principal is received; 

updating, at a scheduled time, the rights by the agent to the 
access control list cache; and 

updating, after a time to live has expired, the rights by the agent 
to the access control list cache. 
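
The method of claims 1 to 3, 5 to 7 and 10, sketched as an added example that is not part of the claims or of the applicant's implementation. It shows what the update options of claim 10 mean for revocation: a right removed from the directory without a push to the cache is still served until the time to live expires. The class name, the dictionaries standing in for the directory service and resource manager, the flag mapping, the 30-second time to live and the sample principals are all assumptions.

```python
import time

# Assumed mapping from a resource manager's native flags to directory rights (claim 6).
NATIVE_TO_DIRECTORY = {"r": "read", "w": "write", "x": "execute"}

class AclCache:
    def __init__(self, directory, native_acl, ttl=30.0, clock=time.monotonic):
        self.directory = directory    # directory service: (principal, resource) -> rights
        self.native_acl = native_acl  # resource manager: (principal, resource) -> flags
        self.ttl, self.clock = ttl, clock
        self.principals = {}          # first table: resource -> principals with access
        self.rights = {}              # second table: (principal, resource) -> (rights, expiry)

    def update(self, principal, resource, rights):
        """Agent write path: push added or removed rights into the cache."""
        key = (principal, resource)
        if rights:
            self.principals.setdefault(resource, set()).add(principal)
            self.rights[key] = (frozenset(rights), self.clock() + self.ttl)
        else:  # removal: drop the entry so the next request is a miss
            self.principals.get(resource, set()).discard(principal)
            self.rights.pop(key, None)

    def _lookup_source(self, principal, resource):
        key = (principal, resource)
        if key in self.directory:
            return self.directory[key]
        # Not in the directory: invoke the resource manager and map its flags.
        # An unmapped flag raises KeyError, so unknown rights are never granted.
        return {NATIVE_TO_DIRECTORY[f] for f in self.native_acl.get(key, "")}

    def request(self, principal, resource):
        """Principal's request: serve from cache, refresh on miss or expired TTL."""
        key = (principal, resource)
        entry = self.rights.get(key)
        known = principal in self.principals.get(resource, set())
        if not known or entry is None or entry[1] <= self.clock():
            self.update(principal, resource, self._lookup_source(principal, resource))
            entry = self.rights.get(key)
        return entry[0] if entry else frozenset()

def demo():
    now = [0.0]  # constructed clock so the TTL can be stepped deterministically
    directory = {("alice", "payroll.db"): {"read", "write"}}  # constructed sample data
    cache = AclCache(directory, {("bob", "payroll.db"): "r"}, clock=lambda: now[0])
    first = cache.request("alice", "payroll.db")
    mapped = cache.request("bob", "payroll.db")     # resolved via the resource manager
    del directory[("alice", "payroll.db")]          # revoked, but no agent push
    stale = cache.request("alice", "payroll.db")    # still served from the cache
    now[0] = 31.0
    expired = cache.request("alice", "payroll.db")  # TTL elapsed: refreshed, now empty
    return first, mapped, stale, expired
```

Calling `update(principal, resource, set())` at the moment of removal, the synchronous option of claim 10, closes the stale window that `demo()` exposes.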

11. A distributed computing system supporting access control
caching, the system comprises:

a plurality of computers, each having a memory and a processor;

a plurality of communication links connecting the plurality of
computers;

a principal located on a first one of the computers; 

an agent located on a second one of the computers; 

a resource located on a third one of the computers; 

a first set of rights located on a fourth one of the computers; 

a second set of rights located on a fifth one of the computers; 

means for accessing, by the agent, the first set of rights of the 
principal to the resource; 

means for updating, by the agent, the first set of rights to an 
access control list cache, wherein the access control list cache is located on a 
sixth one of the computers; 

means for receiving, at the access control list cache, a request 
from the principal for the first set of rights; 

means for retrieving, by the access control list cache, the first set 
of rights; and 

means for forwarding, to the principal, the first set of rights. 

12. The system of claim 11 further comprises means for invoking the 
second set of rights, if the first set of rights is not located on the fourth one of 
the computers. 

13. The system of claim 12 further comprises means for mapping an
access control of the second set of rights to an access control of the first

14. The system of claim 13 further comprises means for updating the
access control list cache with the mapped access control of the first set of
rights.

15. A computer storage medium having a configuration that
represents data and instructions which will cause performance of method steps
for caching and accessing rights in a distributed computing system, the method
comprising the steps of:

accessing, by an agent, a directory service, wherein the agent is
located on a deputization point coupled to the directory service having the
rights of at least one principal to at least one resource;

updating, by the agent, the rights to an access control list cache,
wherein the access control list cache is coupled to the deputization point, and
wherein the access control list cache is coupled to the principal;

receiving, at the access control list cache, a request from the
principal for the rights;

retrieving, by the access control list cache, the rights; and

forwarding, to the principal, the rights.

16. The configured storage medium of claim 15 further comprising
the step of invoking, by the directory service, a resource manager, if the access
control list cache does not contain one of the rights, wherein the resource
manager is coupled to the directory service, and wherein the resource manager
comprises the one right.

17. The configured storage medium of claim 16 further comprising
the step of mapping, by the resource manager, an access control of the one
right to an access control of the rights.

18. The configured storage medium of claim 17 further comprising
the step of updating, by the resource manager, the mapped access control of
the rights to the access control list cache.

19. A computer supporting access control caching, the computer
comprises:

a memory and a processor;

a principal;

an agent;

a resource;

an access control list cache;

a first set of rights;

a second set of rights, wherein the memory, the processor, the
principal, the agent, the resource, and the access control list cache exchange
information relating to the first set of rights and the second set of rights;

means for accessing the first set of rights of the principal to the
resource;

means for updating the first set of rights to the access control list
cache;

means for receiving a request from the principal for the first set
of rights;

means for retrieving the first set of rights; and

means for forwarding the first set of rights to the principal.

20. The system of claim 19 further comprises means for invoking the
second set of rights, if the first set of rights are not available.

21. The system of claim 20 further comprises means for mapping an
access control of the second set of rights to an access control of the first
set of rights.

22. The system of claim 21 further comprises means for updating the
access control list cache with the mapped access control of the first set of
rights.